Fix thread-safety in AppSecRequestContext derivatives field #9923

jandro996 · 2025-11-10T09:29:11Z

What Does This Do

The derivatives field in AppSecRequestContext used a volatile Map that didn't guarantee atomicity for read-modify-write operations. This could cause race conditions when multiple threads tried to report derivatives simultaneously, for instance:

java.util.ConcurrentModificationException
  at java.base/java.util.HashMap$HashIterator.nextNode(Unknown Source)
  at java.base/java.util.HashMap$EntryIterator.next(Unknown Source)
  at java.base/java.util.HashMap$EntryIterator.next(Unknown Source)
  at com.datadog.appsec.gateway.AppSecRequestContext.commitDerivatives(AppSecRequestContext.java:944)
  at com.datadog.appsec.api.security.AppSecSpanPostProcessor.extractSchemas(AppSecSpanPostProcessor.java:87)
  at com.datadog.appsec.api.security.AppSecSpanPostProcessor.process(AppSecSpanPostProcessor.java:57)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.maybeTracePostProcessing(TraceProcessingWorker.java:270)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.onEvent(TraceProcessingWorker.java:187)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.consumeFromSecondaryQueue(TraceProcessingWorker.java:218)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.runDutyCycle(TraceProcessingWorker.java:174)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.run(TraceProcessingWorker.java:161)
  at java.base/java.lang.Thread.run(Unknown Source)

or

java.lang.NullPointerException
  at com.datadog.appsec.gateway.AppSecRequestContext.close(AppSecRequestContext.java:649)
  at com.datadog.appsec.api.security.AppSecSpanPostProcessor.process(AppSecSpanPostProcessor.java:65)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.maybeTracePostProcessing(TraceProcessingWorker.java:270)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.onEvent(TraceProcessingWorker.java:187)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.consumeFromPrimaryQueue(TraceProcessingWorker.java:208)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.runDutyCycle(TraceProcessingWorker.java:173)
  at datadog.trace.agent.common.writer.TraceProcessingWorker$TraceSerializingHandler.run(TraceProcessingWorker.java:161)
  at java.base/java.lang.Thread.run(Unknown Source)

Migrates the derivatives field from: private volatile Map<String, Object> derivatives; to: private final AtomicReference<Map<String, Object>> derivatives = new AtomicReference<>();

Motivation

Fix error tracking reports:

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any useful labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the CODEOWNERS file on source file addition, move, or deletion
Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-59850 and APPSEC-59884

datadog-datadog-prod-us1 · 2025-11-10T10:31:24Z

🎯 Code Coverage
• Patch Coverage: 100.00%
• Total Coverage: 54.32% (-5.31%)

View detailed report

_{This comment will be updated automatically if new data arrives.

🔗 Commit SHA: 270a64c | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

pr-commenter · 2025-11-10T11:00:08Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/fix-derivatives
git_commit_date	1762804509	1762855598
git_commit_sha	`7aef6ed`	`270a64c`
release_version	1.56.0-SNAPSHOT~7aef6ed5f2	1.56.0-SNAPSHOT~270a64c93d

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1762857408	1762857408
ci_job_id	1227256780	1227256780
ci_pipeline_id	81922586	81922586
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-w0ycrvi4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-w0ycrvi4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 11 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.045 s) : 0, 1045201
Total [baseline] (10.84 s) : 0, 10839558
Agent [candidate] (1.047 s) : 0, 1047480
Total [candidate] (10.742 s) : 0, 10741719
section appsec
Agent [baseline] (1.22 s) : 0, 1220276
Total [baseline] (10.914 s) : 0, 10913749
Agent [candidate] (1.223 s) : 0, 1222622
Total [candidate] (10.846 s) : 0, 10845718
section iast
Agent [baseline] (1.186 s) : 0, 1186393
Total [baseline] (11.153 s) : 0, 11152731
Agent [candidate] (1.201 s) : 0, 1200787
Total [candidate] (11.175 s) : 0, 11174564
section profiling
Agent [baseline] (1.202 s) : 0, 1202093
Total [baseline] (10.839 s) : 0, 10839399
Agent [candidate] (1.195 s) : 0, 1195316
Total [candidate] (10.957 s) : 0, 10956752

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.045 s	-
Agent	appsec	1.22 s	175.075 ms (16.8%)
Agent	iast	1.186 s	141.193 ms (13.5%)
Agent	profiling	1.202 s	156.892 ms (15.0%)
Total	tracing	10.84 s	-
Total	appsec	10.914 s	74.19 ms (0.7%)
Total	iast	11.153 s	313.173 ms (2.9%)
Total	profiling	10.839 s	-159.092 µs (-0.0%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.047 s	-
Agent	appsec	1.223 s	175.142 ms (16.7%)
Agent	iast	1.201 s	153.307 ms (14.6%)
Agent	profiling	1.195 s	147.836 ms (14.1%)
Total	tracing	10.742 s	-
Total	appsec	10.846 s	103.998 ms (1.0%)
Total	iast	11.175 s	432.844 ms (4.0%)
Total	profiling	10.957 s	215.033 ms (2.0%)

gantt
    title petclinic - break down per module: candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.453 ms) : 0, 1453
crashtracking [candidate] (1.448 ms) : 0, 1448
BytebuddyAgent [baseline] (703.297 ms) : 0, 703297
BytebuddyAgent [candidate] (705.008 ms) : 0, 705008
GlobalTracer [baseline] (245.462 ms) : 0, 245462
GlobalTracer [candidate] (245.85 ms) : 0, 245850
AppSec [baseline] (32.324 ms) : 0, 32324
AppSec [candidate] (32.319 ms) : 0, 32319
Debugger [baseline] (6.345 ms) : 0, 6345
Debugger [candidate] (6.371 ms) : 0, 6371
Remote Config [baseline] (698.511 µs) : 0, 699
Remote Config [candidate] (706.876 µs) : 0, 707
Telemetry [baseline] (13.744 ms) : 0, 13744
Telemetry [candidate] (13.086 ms) : 0, 13086
Flare Poller [baseline] (7.199 ms) : 0, 7199
Flare Poller [candidate] (8.053 ms) : 0, 8053
section appsec
crashtracking [baseline] (1.446 ms) : 0, 1446
crashtracking [candidate] (1.448 ms) : 0, 1448
BytebuddyAgent [baseline] (728.074 ms) : 0, 728074
BytebuddyAgent [candidate] (729.578 ms) : 0, 729578
GlobalTracer [baseline] (236.87 ms) : 0, 236870
GlobalTracer [candidate] (237.791 ms) : 0, 237791
AppSec [baseline] (175.142 ms) : 0, 175142
AppSec [candidate] (174.725 ms) : 0, 174725
Debugger [baseline] (5.995 ms) : 0, 5995
Debugger [candidate] (6.033 ms) : 0, 6033
Remote Config [baseline] (647.423 µs) : 0, 647
Remote Config [candidate] (642.704 µs) : 0, 643
Telemetry [baseline] (8.538 ms) : 0, 8538
Telemetry [candidate] (8.504 ms) : 0, 8504
Flare Poller [baseline] (4.03 ms) : 0, 4030
Flare Poller [candidate] (4.04 ms) : 0, 4040
IAST [baseline] (24.771 ms) : 0, 24771
IAST [candidate] (24.987 ms) : 0, 24987
section iast
crashtracking [baseline] (1.467 ms) : 0, 1467
crashtracking [candidate] (1.483 ms) : 0, 1483
BytebuddyAgent [baseline] (832.995 ms) : 0, 832995
BytebuddyAgent [candidate] (844.213 ms) : 0, 844213
GlobalTracer [baseline] (236.466 ms) : 0, 236466
GlobalTracer [candidate] (237.977 ms) : 0, 237977
AppSec [baseline] (26.987 ms) : 0, 26987
AppSec [candidate] (28.4 ms) : 0, 28400
Debugger [baseline] (6.012 ms) : 0, 6012
Debugger [candidate] (6.123 ms) : 0, 6123
Remote Config [baseline] (601.506 µs) : 0, 602
Remote Config [candidate] (606.122 µs) : 0, 606
Telemetry [baseline] (8.331 ms) : 0, 8331
Telemetry [candidate] (8.738 ms) : 0, 8738
Flare Poller [baseline] (4.107 ms) : 0, 4107
Flare Poller [candidate] (4.154 ms) : 0, 4154
IAST [baseline] (34.533 ms) : 0, 34533
IAST [candidate] (34.032 ms) : 0, 34032
section profiling
ProfilingAgent [baseline] (111.473 ms) : 0, 111473
ProfilingAgent [candidate] (111.004 ms) : 0, 111004
crashtracking [baseline] (1.454 ms) : 0, 1454
crashtracking [candidate] (1.456 ms) : 0, 1456
BytebuddyAgent [baseline] (735.131 ms) : 0, 735131
BytebuddyAgent [candidate] (730.111 ms) : 0, 730111
GlobalTracer [baseline] (223.853 ms) : 0, 223853
GlobalTracer [candidate] (222.197 ms) : 0, 222197
AppSec [baseline] (32.436 ms) : 0, 32436
AppSec [candidate] (32.497 ms) : 0, 32497
Debugger [baseline] (9.85 ms) : 0, 9850
Debugger [candidate] (7.61 ms) : 0, 7610
Remote Config [baseline] (682.607 µs) : 0, 683
Remote Config [candidate] (1.403 ms) : 0, 1403
Telemetry [baseline] (12.898 ms) : 0, 12898
Telemetry [candidate] (14.733 ms) : 0, 14733
Flare Poller [baseline] (4.245 ms) : 0, 4245
Flare Poller [candidate] (4.169 ms) : 0, 4169
Profiling [baseline] (112.127 ms) : 0, 112127
Profiling [candidate] (111.701 ms) : 0, 111701

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.057 s) : 0, 1056606
Total [baseline] (8.655 s) : 0, 8654992
Agent [candidate] (1.048 s) : 0, 1048409
Total [candidate] (8.617 s) : 0, 8616925
section iast
Agent [baseline] (1.178 s) : 0, 1177730
Total [baseline] (9.243 s) : 0, 9243443
Agent [candidate] (1.184 s) : 0, 1183508
Total [candidate] (9.256 s) : 0, 9256237

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.057 s	-
Agent	iast	1.178 s	121.124 ms (11.5%)
Total	tracing	8.655 s	-
Total	iast	9.243 s	588.451 ms (6.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.048 s	-
Agent	iast	1.184 s	135.099 ms (12.9%)
Total	tracing	8.617 s	-
Total	iast	9.256 s	639.312 ms (7.4%)

gantt
    title insecure-bank - break down per module: candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.475 ms) : 0, 1475
crashtracking [candidate] (1.455 ms) : 0, 1455
BytebuddyAgent [baseline] (711.207 ms) : 0, 711207
BytebuddyAgent [candidate] (705.526 ms) : 0, 705526
GlobalTracer [baseline] (248.015 ms) : 0, 248015
GlobalTracer [candidate] (246.124 ms) : 0, 246124
AppSec [baseline] (32.755 ms) : 0, 32755
AppSec [candidate] (32.396 ms) : 0, 32396
Debugger [baseline] (6.527 ms) : 0, 6527
Debugger [candidate] (6.424 ms) : 0, 6424
Remote Config [baseline] (714.635 µs) : 0, 715
Remote Config [candidate] (708.535 µs) : 0, 709
Telemetry [baseline] (13.817 ms) : 0, 13817
Telemetry [candidate] (12.166 ms) : 0, 12166
Flare Poller [baseline] (7.224 ms) : 0, 7224
Flare Poller [candidate] (8.935 ms) : 0, 8935
section iast
crashtracking [baseline] (1.463 ms) : 0, 1463
crashtracking [candidate] (1.467 ms) : 0, 1467
BytebuddyAgent [baseline] (827.015 ms) : 0, 827015
BytebuddyAgent [candidate] (832.288 ms) : 0, 832288
GlobalTracer [baseline] (234.173 ms) : 0, 234173
GlobalTracer [candidate] (234.776 ms) : 0, 234776
AppSec [baseline] (28.624 ms) : 0, 28624
AppSec [candidate] (28.624 ms) : 0, 28624
Debugger [baseline] (5.974 ms) : 0, 5974
Debugger [candidate] (6.002 ms) : 0, 6002
Remote Config [baseline] (598.755 µs) : 0, 599
Remote Config [candidate] (593.791 µs) : 0, 594
Telemetry [baseline] (8.339 ms) : 0, 8339
Telemetry [candidate] (8.435 ms) : 0, 8435
Flare Poller [baseline] (4.135 ms) : 0, 4135
Flare Poller [candidate] (4.118 ms) : 0, 4118
IAST [baseline] (32.691 ms) : 0, 32691
IAST [candidate] (32.259 ms) : 0, 32259

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/fix-derivatives
git_commit_date	1762804509	1762855598
git_commit_sha	`7aef6ed`	`270a64c`
release_version	1.56.0-SNAPSHOT~7aef6ed5f2	1.56.0-SNAPSHOT~270a64c93d

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1762857905	1762857905
ci_job_id	1227256781	1227256781
ci_pipeline_id	81922586	81922586
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-hcj0s2e4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-hcj0s2e4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 10 metrics, 12 unstable metrics.

scenario	Δ mean http_req_duration	Δ mean throughput	candidate mean http_req_duration	candidate mean throughput	baseline mean http_req_duration	baseline mean throughput
scenario:load:insecure-bank:profiling:high_load	better [-134.504µs; -99.029µs] or [-6.636%; -4.885%]	unstable [-173.565op/s; +437.002op/s] or [-7.793%; +19.621%]	1.910ms	2358.938op/s	2.027ms	2227.219op/s
scenario:load:petclinic:no_agent:high_load	worse [+1.462ms; +1.861ms] or [+8.417%; +10.719%]	unstable [-51.843op/s; +5.155op/s] or [-19.297%; +1.919%]	19.026ms	245.312op/s	17.365ms	268.656op/s

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.177 ms) : 1166, 1189
.   : milestone, 1177,
iast (3.188 ms) : 3143, 3232
.   : milestone, 3188,
iast_FULL (5.681 ms) : 5625, 5738
.   : milestone, 5681,
iast_GLOBAL (3.598 ms) : 3542, 3653
.   : milestone, 3598,
profiling (2.027 ms) : 2009, 2045
.   : milestone, 2027,
tracing (1.811 ms) : 1796, 1826
.   : milestone, 1811,
section candidate
no_agent (1.179 ms) : 1168, 1191
.   : milestone, 1179,
iast (3.166 ms) : 3129, 3204
.   : milestone, 3166,
iast_FULL (5.662 ms) : 5606, 5718
.   : milestone, 5662,
iast_GLOBAL (3.567 ms) : 3507, 3628
.   : milestone, 3567,
profiling (1.91 ms) : 1895, 1926
.   : milestone, 1910,
tracing (1.769 ms) : 1754, 1784
.   : milestone, 1769,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.177 ms [1.166 ms, 1.189 ms]	-
iast	3.188 ms [3.143 ms, 3.232 ms]	2.011 ms (170.8%)
iast_FULL	5.681 ms [5.625 ms, 5.738 ms]	4.504 ms (382.6%)
iast_GLOBAL	3.598 ms [3.542 ms, 3.653 ms]	2.421 ms (205.6%)
profiling	2.027 ms [2.009 ms, 2.045 ms]	849.807 µs (72.2%)
tracing	1.811 ms [1.796 ms, 1.826 ms]	633.891 µs (53.8%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.179 ms [1.168 ms, 1.191 ms]	-
iast	3.166 ms [3.129 ms, 3.204 ms]	1.987 ms (168.5%)
iast_FULL	5.662 ms [5.606 ms, 5.718 ms]	4.483 ms (380.1%)
iast_GLOBAL	3.567 ms [3.507 ms, 3.628 ms]	2.388 ms (202.5%)
profiling	1.91 ms [1.895 ms, 1.926 ms]	730.924 µs (62.0%)
tracing	1.769 ms [1.754 ms, 1.784 ms]	589.775 µs (50.0%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.365 ms) : 17191, 17539
.   : milestone, 17365,
appsec (19.494 ms) : 19293, 19696
.   : milestone, 19494,
code_origins (17.723 ms) : 17546, 17900
.   : milestone, 17723,
iast (18.04 ms) : 17859, 18220
.   : milestone, 18040,
profiling (18.936 ms) : 18744, 19128
.   : milestone, 18936,
tracing (17.449 ms) : 17273, 17625
.   : milestone, 17449,
section candidate
no_agent (19.026 ms) : 18829, 19224
.   : milestone, 19026,
appsec (19.325 ms) : 19122, 19528
.   : milestone, 19325,
code_origins (17.907 ms) : 17730, 18084
.   : milestone, 17907,
iast (18.516 ms) : 18330, 18703
.   : milestone, 18516,
profiling (19.308 ms) : 19116, 19500
.   : milestone, 19308,
tracing (17.592 ms) : 17415, 17769
.   : milestone, 17592,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	17.365 ms [17.191 ms, 17.539 ms]	-
appsec	19.494 ms [19.293 ms, 19.696 ms]	2.129 ms (12.3%)
code_origins	17.723 ms [17.546 ms, 17.9 ms]	357.766 µs (2.1%)
iast	18.04 ms [17.859 ms, 18.22 ms]	674.472 µs (3.9%)
profiling	18.936 ms [18.744 ms, 19.128 ms]	1.571 ms (9.0%)
tracing	17.449 ms [17.273 ms, 17.625 ms]	84.147 µs (0.5%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	19.026 ms [18.829 ms, 19.224 ms]	-
appsec	19.325 ms [19.122 ms, 19.528 ms]	298.625 µs (1.6%)
code_origins	17.907 ms [17.73 ms, 18.084 ms]	-1.12 ms (-5.9%)
iast	18.516 ms [18.33 ms, 18.703 ms]	-510.266 µs (-2.7%)
profiling	19.308 ms [19.116 ms, 19.5 ms]	281.631 µs (1.5%)
tracing	17.592 ms [17.415 ms, 17.769 ms]	-1.434 ms (-7.5%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/fix-derivatives
git_commit_date	1762804509	1762855598
git_commit_sha	`7aef6ed`	`270a64c`
release_version	1.56.0-SNAPSHOT~7aef6ed5f2	1.56.0-SNAPSHOT~270a64c93d

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1762857626	1762857626
ci_job_id	1227256782	1227256782
ci_pipeline_id	81922586	81922586
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-2-sq84fxnz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-2-sq84fxnz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.469 ms) : 1458, 1481
.   : milestone, 1469,
appsec (3.638 ms) : 3424, 3852
.   : milestone, 3638,
iast (2.207 ms) : 2143, 2271
.   : milestone, 2207,
iast_GLOBAL (2.248 ms) : 2183, 2312
.   : milestone, 2248,
profiling (2.048 ms) : 1997, 2100
.   : milestone, 2048,
tracing (2.029 ms) : 1979, 2079
.   : milestone, 2029,
section candidate
no_agent (1.47 ms) : 1459, 1482
.   : milestone, 1470,
appsec (3.685 ms) : 3469, 3900
.   : milestone, 3685,
iast (2.214 ms) : 2150, 2278
.   : milestone, 2214,
iast_GLOBAL (2.239 ms) : 2175, 2302
.   : milestone, 2239,
profiling (2.048 ms) : 1997, 2100
.   : milestone, 2048,
tracing (2.03 ms) : 1980, 2079
.   : milestone, 2030,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.458 ms, 1.481 ms]	-
appsec	3.638 ms [3.424 ms, 3.852 ms]	2.169 ms (147.6%)
iast	2.207 ms [2.143 ms, 2.271 ms]	738.113 µs (50.2%)
iast_GLOBAL	2.248 ms [2.183 ms, 2.312 ms]	778.532 µs (53.0%)
profiling	2.048 ms [1.997 ms, 2.1 ms]	579.038 µs (39.4%)
tracing	2.029 ms [1.979 ms, 2.079 ms]	559.711 µs (38.1%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.47 ms [1.459 ms, 1.482 ms]	-
appsec	3.685 ms [3.469 ms, 3.9 ms]	2.214 ms (150.6%)
iast	2.214 ms [2.15 ms, 2.278 ms]	743.599 µs (50.6%)
iast_GLOBAL	2.239 ms [2.175 ms, 2.302 ms]	768.285 µs (52.2%)
profiling	2.048 ms [1.997 ms, 2.1 ms]	578.008 µs (39.3%)
tracing	2.03 ms [1.98 ms, 2.079 ms]	559.123 µs (38.0%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~270a64c93d, baseline=1.56.0-SNAPSHOT~7aef6ed5f2
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.264 s) : 15264000, 15264000
.   : milestone, 15264000,
appsec (14.835 s) : 14835000, 14835000
.   : milestone, 14835000,
iast (18.438 s) : 18438000, 18438000
.   : milestone, 18438000,
iast_GLOBAL (18.076 s) : 18076000, 18076000
.   : milestone, 18076000,
profiling (15.256 s) : 15256000, 15256000
.   : milestone, 15256000,
tracing (14.63 s) : 14630000, 14630000
.   : milestone, 14630000,
section candidate
no_agent (15.694 s) : 15694000, 15694000
.   : milestone, 15694000,
appsec (14.8 s) : 14800000, 14800000
.   : milestone, 14800000,
iast (18.248 s) : 18248000, 18248000
.   : milestone, 18248000,
iast_GLOBAL (18.171 s) : 18171000, 18171000
.   : milestone, 18171000,
profiling (15.183 s) : 15183000, 15183000
.   : milestone, 15183000,
tracing (14.712 s) : 14712000, 14712000
.   : milestone, 14712000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.264 s [15.264 s, 15.264 s]	-
appsec	14.835 s [14.835 s, 14.835 s]	-429.0 ms (-2.8%)
iast	18.438 s [18.438 s, 18.438 s]	3.174 s (20.8%)
iast_GLOBAL	18.076 s [18.076 s, 18.076 s]	2.812 s (18.4%)
profiling	15.256 s [15.256 s, 15.256 s]	-8.0 ms (-0.1%)
tracing	14.63 s [14.63 s, 14.63 s]	-634.0 ms (-4.2%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.694 s [15.694 s, 15.694 s]	-
appsec	14.8 s [14.8 s, 14.8 s]	-894.0 ms (-5.7%)
iast	18.248 s [18.248 s, 18.248 s]	2.554 s (16.3%)
iast_GLOBAL	18.171 s [18.171 s, 18.171 s]	2.477 s (15.8%)
profiling	15.183 s [15.183 s, 15.183 s]	-511.0 ms (-3.3%)
tracing	14.712 s [14.712 s, 14.712 s]	-982.0 ms (-6.3%)

...t/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy

Fix

e8d0980

jandro996 added type: bug Bug report and fix comp: asm waf Application Security Management (WAF) labels Nov 10, 2025

This was referenced Nov 10, 2025

Fix ConcurrentModificationException error in AppsecRequestContext #9880

Closed

Fix NullPointerException in AppSecRequestContext#close #9902

Closed

Merge branch 'master' into alejandro.gonzalez/fix-derivatives

8f586b7

jandro996 requested a review from manuel-alvarez-alvarez November 10, 2025 11:17

manuel-alvarez-alvarez reviewed Nov 11, 2025

View reviewed changes

...t/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy Show resolved Hide resolved

jandro996 marked this pull request as ready for review November 11, 2025 09:01

jandro996 requested a review from a team as a code owner November 11, 2025 09:01

jandro996 requested review from claponcet and smola November 11, 2025 09:01

jandro996 added this to the 1.56.0 milestone Nov 11, 2025

jandro996 added 2 commits November 11, 2025 10:11

use CountDownLatch to guarantee sync

6ba3b47

Merge branch 'master' into alejandro.gonzalez/fix-derivatives

f7307d2

manuel-alvarez-alvarez reviewed Nov 11, 2025

View reviewed changes

...t/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy Outdated Show resolved Hide resolved

manuel-alvarez-alvarez approved these changes Nov 11, 2025

View reviewed changes

use futures instead of doneLatch

270a64c

jandro996 enabled auto-merge (squash) November 11, 2025 10:10

jandro996 merged commit d0b1258 into master Nov 11, 2025
539 checks passed

jandro996 deleted the alejandro.gonzalez/fix-derivatives branch November 11, 2025 11:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix thread-safety in AppSecRequestContext derivatives field #9923

Fix thread-safety in AppSecRequestContext derivatives field #9923

Uh oh!

jandro996 commented Nov 10, 2025 •

edited

Loading

Uh oh!

datadog-datadog-prod-us1 bot commented Nov 10, 2025 •

edited by datadog-official bot

Loading

Uh oh!

pr-commenter bot commented Nov 10, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Fix thread-safety in AppSecRequestContext derivatives field #9923

Fix thread-safety in AppSecRequestContext derivatives field #9923

Uh oh!

Conversation

jandro996 commented Nov 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What Does This Do

Motivation

Additional Notes

Contributor Checklist

Uh oh!

datadog-datadog-prod-us1 bot commented Nov 10, 2025 • edited by datadog-official bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pr-commenter bot commented Nov 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jandro996 commented Nov 10, 2025 •

edited

Loading

datadog-datadog-prod-us1 bot commented Nov 10, 2025 •

edited by datadog-official bot

Loading

pr-commenter bot commented Nov 10, 2025 •

edited

Loading